Adware Doctor and the Mac App Store

What a bizarre story this is. Adware Doctor was a $4.99 app in the Mac App Store from a developer supposedly named Yongming Zhang. The app purported to protect your browser from adware by removing browser extensions, cookies, and caches. It was a surprisingly popular app, ranking first in the Utilities category and fourth overall among paid apps, alongside stalwarts like Logic Pro X and Final Cut Pro X.

Contrary to some reports, Adware Doctor didn’t find some sort of hole in the sandbox that prevents apps downloaded from the Mac App Store from being able to access the entire file system. The app asked permission from the user, which is the only way utilities like this can work. Any user who believed in the stated purpose of Adware Doctor would grant this permission though. (MacOS 10.14 Mojave has additional protections for particularly sensitive files, like your browser history and email database — this shouldn’t work on Mojave even if you grant an app permission to access your home folder.)

You probably trust applications in the Official Mac App Store. And why wouldn’t you?

However, it’s questionable whether these statements actually hold true, as one of the top grossing applications in the Mac App Store surreptitiously exfiltrates highly sensitive user information to a (Chinese?) developer. Though Apple was contacted a month ago, and promised to investigate, the application remains available in Mac App Store even today.

Roger Stringer spends most of his time solving problems for people, and otherwise occupying himself with being a dad, cooking, speaking, learning, writing, reading, and the overall pursuit of life. He lives in Penticton, British Columbia, Canada